2016 and Firmware - Cyber Security Informer

Backdoor Built into Android Firmware

Schneier on Security

JUNE 21, 2019

Triada first came to light in 2016 in articles published by Kaspersky here and here , the first of which said the malware was "one of the most advanced mobile Trojans" the security firm's analysts had ever encountered. That meant the malware could directly tamper with every installed app. This is a supply chain attack.

Firmware

Firmware Manufacturing Malware Mobile

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

SecureList

JULY 25, 2022

One of the main draws towards malware nested in such low levels of the operating system is that it is extremely difficult to detect and, in the case of firmware rootkits, will ensure a computer remains in an infected state even if the operating system is reinstalled or the user replaces the machine’s hard drive entirely. Infrastructure.

Firmware

Firmware DNS Malware Technology

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

MoonBounce: the dark side of UEFI firmware

SecureList

JANUARY 20, 2022

At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner , which has been integrated into Kaspersky products since the beginning of 2019. This one is made up of implants found in the UEFI firmware within the SPI flash, a non-volatile storage external to the hard drive.

Firmware

Firmware Malware Encryption Passwords

CosmicStrand UEFI malware found in Gigabyte, ASUS motherboards

Bleeping Computer

JULY 26, 2022

Chinese-speaking hackers have been using since at least 2016 malware that lies virtually undetected in the firmware images for some motherboards, one of the most persistent threats commonly known as a UEFI rootkit. [.].

Malware

Malware Firmware

Zyxel 0day Affects its Firewall Products, Too

Krebs on Security

FEBRUARY 26, 2020

. “We’ve now completed the investigation of all Zyxel products and found that firewall products running specific firmware versions are also vulnerable,” Zyxel wrote in an email to KrebsOnSecurity. “Hotfixes have been released immediately, and the standard firmware patches will be released in March.”

Firewall

Firewall Firmware VPN IoT

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier CVE-2016-1555 Netgear WN604 before 3.3.3 CVE-2017-6077 NETGEAR DGN2200 devices with firmware through 10.0.0.50 CVE-2016-6277 NETGEAR R6250 before 1.0.4.6.Beta, build 001 CVE-2020-9377 D-Link DIR-610 CVE-2016-11021 D-Link DCS-930L devices before 2.12 Beta, R6400 before 1.0.1.18.Beta,

IoT

IoT Firmware Malware Wireless

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.” The network equipment vendor is now urging customers to update the firmware of their devices as soon as possible. “If 34 or 9.0.0.10

Firmware

Firmware Ransomware Passwords Mobile

Patch now! Insecure Hikvision security cameras can be taken over remotely

Malwarebytes

SEPTEMBER 22, 2021

In a detailed post on Github , security researcher Watchful_IP describes how he found that the majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical, unauthenticated, remote code execution (RCE) vulnerability, even with the latest firmware. Hangzhou Hikvision Digital Technology Co.,

Firmware

Firmware Surveillance Marketing VPN

Millions of home routers on Mirai Botnet Radar

CyberSecurity Insiders

AUGUST 13, 2021

What’s interesting about this attack campaign is the hackers are targeting devices running on the firmware that is being supplied by Arcadyan. Mirai is a kind of malware that turns connected devices into remotely controlled devices called Bots.

Firmware

Firmware DDOS Malware Manufacturing

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

While last night’s Meris attack on this site was far smaller than the recent Cloudflare DDoS, it was far larger than the Mirai DDoS attack in 2016 that held KrebsOnSecurity offline for nearly four days. By comparison, the 2016 Mirai DDoS generated approximately 450,000 requests-per-second. .

IoT

IoT DDOS Internet Internet

Hikvision cameras could be remotely hacked due to critical flaw

Security Affairs

SEPTEMBER 22, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking

Hacking Firmware IoT Internet

Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover

Malwarebytes

AUGUST 23, 2022

According to the researcher that reported it last year, the vulnerability has existed at least since 2016. The flaw is tracked as CVE-2021-36260 and was addressed by Hikvision via a firmware update in September 2021. Hikvision says you should download the latest firmware for your device from the global firmware portal.

Firmware

Firmware VPN Internet Internet

TrickBoot feature allows TrickBot bot to run UEFI attacks

Security Affairs

DECEMBER 3, 2020

The infamous TrickBot gets a new improvement, authors added a new feature dubbed “ TrickBoot ” designed to exploit well-known vulnerabilities in the UEFI/BIOS firmware and inject malicious code, such as bootkits. TrickBot, one of the most active botnets, in the world, gets a new improvement by adding a UEFI/BIOS Bootkit Feature.

Firmware

Firmware Malware Manufacturing Hacking

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Security Affairs

DECEMBER 8, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Firmware

Firmware DDOS Malware IoT

Home routers are being hijacked using vulnerability disclosed just 2 days ago

Malwarebytes

AUGUST 9, 2021

Router firmware. Under the description of CVE-2021-20090 you will find: “a path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 The vulnerability is listed as CVE-2021-20090.

Firmware

Firmware DDOS Internet Internet

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT

IoT Firmware Risk Manufacturing

AMD is going to patch UEFI SMM callout privilege escalation flaw

Security Affairs

JUNE 22, 2020

AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability was discovered by the security researcher Danny Odler, it resides in the AMD’s Mini PC could allow attackers to manipulate secure firmware and execute arbitrary code.

Firmware

Firmware Architecture Advertising Manufacturing

SonicWall warns users of “imminent ransomware campaign”

Malwarebytes

JULY 15, 2021

The exploitation targets a known vulnerability that has been patched in newer versions of SonicWall firmware. x versions of the firmware. x firmware. x firmware versions. SRA 4200/1200 (EOL 2016) disconnect immediately and reset passwords. SMA 210/410/500v (Actively Supported) update firmware to 9.0.0.10-28sv

Ransomware

Ransomware Firmware VPN Firewall

Beastmode Mirai botnet now includes exploits for Totolink routers

Security Affairs

APRIL 2, 2022

The threat actors added TOTOLINK exploits just a week after the exploit codes were publicly released on GitHub in the attempt to compromise the largest number of devices as possible before the owners upgrade to the latest firmware releases. TOTOLINK has already addressed these flaws with the release of new firmware for vulnerable devices.

DDOS

DDOS Firmware Surveillance IoT

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking

Hacking Firmware Internet Internet

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

CyberSecurity Insiders

NOVEMBER 11, 2021

Ax with firmware 1.04b12 and earlier. CVE-2016-1555. NETGEAR DGN2200 devices with firmware through 10.0.0.50. CVE-2016-6277. CVE-2016-11021. Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.2, Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 A2pvI042j1.d26m.

Malware

Malware IoT Firmware Authentication

Router Vulnerability and the VPNFilter Botnet

Schneier on Security

JUNE 11, 2018

More than 500,000 routers in at least 54 countries have been infected since 2016. That's the group behind a long list of attacks, including the 2016 hack of the Democratic National Committee. If you want to make sure your router cannot be reinfected, you need to update the firmware with any security patches from the manufacturer.

Malware

Malware Firmware Internet Internet

The U.S. Is Falling Behind on Encryption Standards – And That’s a Global Problem

eSecurity Planet

JULY 24, 2023

So the vendor community had some changes to make, but hardware vendors most likely did not have to create a new ASIC with new algorithms and merely had to modify firmware. Apple corecrypto Module v11.1 Apple silicon, Kernel, Software] Software 12/07/2022 Active 4391 Apple Inc. We need to have new encryption standards.

Encryption

Encryption Firmware Software Technology

INFRA:HALT flaws impact OT devices from hundreds of vendors

Security Affairs

AUGUST 4, 2021

NicheStack (aka InterNiche stack) is a proprietary TCP/IP stack developed originally by InterNiche Technologies and acquired by HCC Embedded in 2016. HCC Embedded has released firmware patches to address the INFRA:HALT issues. ” states the report. Experts found more than 2,500 device instances from 21 vendors.

DNS

DNS Manufacturing Firmware Technology

Episode 157: Do we need an FDA for Software? Also: operationalizing Threat Intelligence

The Security Ledger

AUGUST 16, 2019

Sarah Zatko of the Cyber Independent Testing Lab joins us to talk about CITL's big new study of firmware security. » Related Stories Spotlight Podcast: Unpacking Black Hat Hacks with Digicert CTO Dan Timpson Episode 156: Looming over Black Hat: doing Security at Massive Scale Huge Survey of Firmware Finds No Security Gains in 15 Years.

Firmware

Firmware Software Internet Internet

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

SEPTEMBER 5, 2023

The Mirai botnet, initially discovered in October 2016 , infected Internet-connected routers, cameras and digital video recorders at scale. In 2018, UK regulators got the regulatory ball rolling taking steps that would eventually result in mandated minimum requirements for IoT data storage, communications and firmware update capabilities.

IoT

IoT Government Internet Internet

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft researchers have also identified that previous reports have used the vulnerability ID “ZERO-32906” for CVE-2018-20057, “GPON” for CVE-2018-10561, and “DLINK” for CVE-2016-20017; and that CVE-2020-7209 was mislabeled as CVE-2017-17106 and CVE-2022-42013 was mislabeled as CVE-2021-42013.”

IoT

IoT DDOS Malware Firmware

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

FEBRUARY 23, 2019

The D-Link DNS-320 model is no more available for sale, one of the members of the forum explained that the firmware of its NAS was never updated and its device was exposed to WAN through ports 8080, FTP port 21, and a range of ports for port forwarding.

Ransomware

Ransomware DNS Firmware Encryption

Intel investigates security breach after the leak of 20GB of internal documents

Security Affairs

AUGUST 7, 2020

The files contained technical specs, product guides, and manuals for CPUs dating back to 2016.” . “Per our analysis, the leaked files contained Intel intellectual property respective to the internal design of various chipsets. ” reported ZDNet.

Firmware

Firmware Advertising Engineering Hacking

Apple and Samsung fined millions for “planned obsolescence” of old smartphones

Security Affairs

OCTOBER 27, 2018

In particular, Samsung was challenged for the update issued on May 2016 for Galaxy Note 4, while for Apple the AGCM questioned the update issued on September 2016 for the several devices supported at the time (i.e. ” ” AGCM said in a statement.

Mobile

Mobile Firmware Advertising Software

Top 6 Rootkit Threats and How to Protect Yourself

eSecurity Planet

NOVEMBER 7, 2022

Firmware Rootkit. A firmware rootkit uses device or platform firmware to create a persistent malware image in the router, network card, hard drive or the basic input/output system (BIOS). The rootkit is able to remain hidden because firmware is not usually inspected for code integrity.

Firmware

Firmware Malware Antivirus Firewall

Millions put at risk by old, out of date routers

Malwarebytes

MAY 7, 2021

Based on its assessment, it reckons that at least two million Britons are at risk from routers that haven’t been updated since 2016. Firmware updates aren’t only important for performance, they’re also needed to fix security issues when they arise. Lack of updates. A wake up call to ISPs.

Risk

Risk Passwords Internet Internet

IT threat evolution Q1 2022

SecureList

MAY 27, 2022

MoonBounce: the dark side of UEFI firmware. Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware scanner (integrated into Kaspersky products at the start of 2019). Targeted attacks. The campaign has two goals: gathering information and stealing cryptocurrency.

Phishing

Phishing Spyware Firmware Malware

Router security in 2021

SecureList

JUNE 8, 2022

Discovered back in 2016, it remains the most common malware infecting IoT devices. Although we cannot say for sure what they intended to do next, this malware persists in the firmware even after a factory reset and gives attackers remote access to compromised networks. Make sure to update the firmware. Conclusion.

DDOS

DDOS Passwords IoT Firmware

Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild

Security Affairs

SEPTEMBER 27, 2018

The group was involved also in the string of attacks that targeted 2016 Presidential election. This solution comes pre-installed in the firmware of a large number of laptops manufactured by various OEMs, waiting to be activated by their owners.” The only way to remove the malware is reflashing the UEFI firmware.

Firmware

Firmware Malware Advertising Government

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The group was involved also in the string of attacks that targeted 2016 Presidential election. The agencies recommend updating to the latest firmware and switching from SNMP to NETCONF or RESTCONF for network management. ” continues the report.

Malware

Malware Firmware Government Education

Episode 114: Complexity at Root of Facebook Breach and LoJax is a RAT You Can’t Kill

The Security Ledger

OCTOBER 2, 2018

We’ll talk to firmware security expert Giovanni Vigna of the firm Lastline about the truth and hype around LoJax and other firmware based attacks. Last week, the security firm ESET warned that it identified a sample in the wild. Even worse: the Russian Hacking Group Fancy Bear was believed to be responsible.

Firmware

Firmware Digital transformation Accountability Malware

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

Mamba was first spotted on September 2016 when experts at Morphus Labs discovered the infection of machines belonging to an energy company in Brazil with subsidiaries in the United States and India. Install updates/patch operating systems, software, and firmware as soon as they are released. • hard drive, storage device, the cloud).

Ransomware

Ransomware Encryption Passwords Malware

Car owners warned of another theft-enabling relay attack

Malwarebytes

MAY 17, 2022

In 2016, we had a brakes and doors issue. 2020 saw people rewriting key-fob firmware via Bluetooth. Tesla owners are no strangers to seeing reports of cars being tampered with outside of their control. Back in 2021, a zero-click exploit aided a drone in taking over the car’s entertainment system.

Wireless

Wireless Firmware Authentication Hacking

VulnRecap 3/4/24 – Ivanti, Ubiquiti, AppLocker Under Attack

eSecurity Planet

MARCH 4, 2024

The problem: The FBI warns that during the dismantling of the Moobot botnet, agents detected code from other Russian attackers, including the notorious Fancy Bear (AKA: APT28 or Military Unit 26165) also responsible for the attack on the US Democratic National Committee (DNC) before the 2016 election.

IoT

IoT Internet Internet Ransomware

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Triada Trojan was spotted for the first time in 2016 by researchers at Kaspersky Lab that considered it the most advanced mobile threat seen to the date of the discovery. Threat actors compromised third-party software or the installation of malware-laced firmware. The highest number of infected devices in the U.S.,

Mobile

Mobile Advertising Malware Cybercrime

StripedFly: Perennially flying under the radar

SecureList

OCTOBER 25, 2023

This archive is discreetly hosted on legitimate websites, cleverly disguised as firmware binaries for enigmatic devices labeled “m100” The Bitbucket repository was created on June 21, 2018, under the account of Julie Heilman, and it remains the sole repository associated with this profile. onion ghtyqipha6mcwxiz[.]onion

Malware

Malware DNS Encryption Cryptocurrency

Update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one

Malwarebytes

JANUARY 12, 2022

Patches that can cause problems include the following: KB5009624 for Server 2012 R2 KB5009595 for Server 2012 R2 KB5009546 for Server 2016 KB5009557 for Server 2019. The Windows Platform Binary Table is a fixed firmware ACPI (Advanced Configuration and Power Interface) table. It’s unclear if Server 2022 is similarly impacted.

Authentication

Authentication Firmware Passwords Technology

Backdoor Built into Android Firmware

Android devices shipped with backdoored firmware as part of the BADBOX network

Webinars

Trending Sources

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

Webinars

MoonBounce: the dark side of UEFI firmware

CosmicStrand UEFI malware found in Gigabyte, ASUS motherboards

Zyxel 0day Affects its Firewall Products, Too

BotenaGo botnet targets millions of IoT devices using 33 exploits

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Patch now! Insecure Hikvision security cameras can be taken over remotely

Millions of home routers on Mirai Botnet Radar

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Hikvision cameras could be remotely hacked due to critical flaw

Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover

TrickBoot feature allows TrickBot bot to run UEFI attacks

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Home routers are being hijacked using vulnerability disclosed just 2 days ago

IoT Unravelled Part 3: Security

AMD is going to patch UEFI SMM callout privilege escalation flaw

SonicWall warns users of “imminent ransomware campaign”

Beastmode Mirai botnet now includes exploits for Totolink routers

Over 80,000 Hikvision cameras can be easily hacked

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits

Router Vulnerability and the VPNFilter Botnet

The U.S. Is Falling Behind on Encryption Standards – And That’s a Global Problem

INFRA:HALT flaws impact OT devices from hundreds of vendors

Episode 157: Do we need an FDA for Software? Also: operationalizing Threat Intelligence

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

A new Zerobot variant spreads by exploiting Apache flaws

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Intel investigates security breach after the leak of 20GB of internal documents

Apple and Samsung fined millions for “planned obsolescence” of old smartphones

Top 6 Rootkit Threats and How to Protect Yourself

Millions put at risk by old, out of date routers

IT threat evolution Q1 2022

Router security in 2021

Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Episode 114: Complexity at Root of Facebook Breach and LoJax is a RAT You Can’t Kill

FBI published a flash alert on Mamba Ransomware attacks

Car owners warned of another theft-enabling relay attack

VulnRecap 3/4/24 – Ivanti, Ubiquiti, AppLocker Under Attack

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

StripedFly: Perennially flying under the radar

Update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one

Stay Connected